BigAl : I'm finding out. I read your article about using a different port other than 80 which I did.

DrTom : BigAl -- the 403 indicates maybe an authentication issue. Are you using Web Publishing or Server Publishing Rules?

BigAl : web publishing

Nicholas : Tom, if have my DNS Server forward unknown requests, do I have to make that system a SecureNAT client ?

DrTom : BigAl -- I've not tried it, but I don't think OWA supports publishing on an alternate port very well. However, I could be wrong becuase I've not tried it and I seem to recall other people saying they got it to work OK

DrTom : Nichoas, servers should always be SecureNAT clients, they almost never should be Firewall clients

DrTom : BigAl - Web Publishing Rules should work. But you should add IP addresses to the internal interface of the ISA Server and bind the site to one of the new addresses

BigAl : ye i found it didn't work well. So i tried disabling socket spooling and still get the 403 error

DrTom : That what you don't get any conflicts with autodiscovery publishing

DrTom : BigAl- are you using SSL for the connection yet?

BigAl : no

DrTom : BigAl- another important thing is that you use ONLY Basic Authentication. That means removing the Digest and Integrated options from the OWA folders

BigAl : I'll give that a try.

DrTom : BigAl- I have all the details on how to do setup OWA and Exchange on the ISA Server in my ISA Sever and Beyond book

DrTom : However, they might also have some information on this in the FP1 docs

BigAl : Ye, I have your first book and it was great. I just recently saw where you published a second book.

DrTom : Nicholas, yes. Try your internal DNS first. If that works, leave it that way and it should continue to work fine.

DrTom : BigAl - thanks for the compliments on the first book! I didn't spend much time on supporting services on the ISA Server itslef in that book, becuase its not a recommneded config

BigAl : FP1 docs?

DrTom : However, so many wanted to do it that I did the second book and dedicated a lot of time and pages to the subject!

croush : Anyone here using Mail Essentials 8 on a W2K SMTP server setup to forward to Exchange? I am noticing a huge delay 30-60 minutes in processing mail since I have installed it.

DrTom : Nicholas, Great!

DrTom : BigAl - FP1 is Feature Pack 1

BigAl : Gotcha!

DrTom : Check it out over at www.microsoft.com/isaserver

8Nicholas has left the conversation.

DrTom : BigAl - if you do use the Basic Authentication only option, make sure you secure the credentials with SSL

DrTom : Its pretty easy to create your own certificate server and create your own certificates. You can even do it on the SBS server machine.

BigAl : I see.

croush : Dr.Tom, did you ever find out what the deal with Amazon preselling your book ISA Server 2003?

DrTom : Croush, yes -- our publisher was expecting the next version of ISA Server to be out much earlier than it will be

DrTom : They though it would be available in January of this year

DrTom : Maybe January of next year

DrTom : But we'll definitely have a book on it when it does come out!

BigAl : One more question. I use InoculateIT 6.0 on the same server and I can't do automatic virus signature updates using ftp. Any ideas?

croush : ah...have any new books in the works?

DrTom : BigAl -- Most of these apps using FTP to download the updates. Go to www.isaserver.org and type FTP in the Search box, you should see FTP packet filters show up

DrTom : Croush -- a couple of cool books in the works, but I can't tell you about them yet

DrTom : If I told you, well, you know

croush :

DrTom : LOL!

BigAl : Will do. It's funny because workstations behind the ISA server can update just fine, just not the server itself.

croush : nothing like getting on a hitlist via a chat room

croush : are the workstations running the firewall client?

DrTom : BigAl- the reason for that is that Protocol and Site/Content Rules don't apply to the ISA Server machine

BigAl : no

DrTom : You have to create packet filters for apps on the ISA Server itself

DrTom : Croush- LOL! No hit list yet

BigAl : gotcha. I tell you small business server can be a bear.

croush : yep they sure can

DrTom : BigAl- I agree! There are a lot of special things you need to do to get ISA Sever to work correctly, most of it is socket pooling related, but multihomed DCs and RRAS on multihomed DCs is a REAL challange!

DrTom : The good news is that almost all of the problems can be fixed

BigAl : Looks like I need to pick up your second book

DrTom : Hey guys, its 12NOON here, which means I need to turn into a pumpkin

DrTom : Thanks for coming to the chat, and I hope to see ya'll next week!

Tom Shinder

Tom Shinder is a Program Manager at Microsoft and has two decades of networking and security experience. He has written dozens of books, thousands of articles, and spoken at large industry conferences on the topics of IT infrastructure, Cloud computing, and cybersecurity. In his free time, Tom enjoys participating in equine prediction markets.

Featured Product

Featured Product

Latest Podcast

Recommended

Follow Us

ISAServer.org Chat Transcript for May 8 2003

TECHGENIX

TechGenix reaches millions of IT Professionals every month, and has set the standard for providing free technical content through its growing family of websites, empowering them with the answers and tools that are needed to set up, configure, maintain and enhance their networks.